1. Technical Field
This disclosure is directed to a new trust metric for a network of public key certificates.
2. Discussion of Related Art
In any networked situation, trust in entities, especially business entities with which a user may have monetary transactions, is a challenging issue. Consider the case of the public key infrastructure (PKI), where a reputed entity called certificate authority (CA) authenticates, usually via a chain of public key authentications, a target entity's public key and other information about the target entity. This, however, requires a user's implicit trust in the CA's ability to associate the “other information” with the target public key. As the authentication of the target public key is done via a chain of authentications, a similar trust in the ability of intermediaries in associating information about the next entity in the chain with the public key of the next entity is required. On top of this, the user must trust CA's public key. Although this last trust may be justified, hinted by the fact that the CA is a reputed entity, the trust in other entities in the chain of authentications is never perfect.
Thus, a user is inevitably led to determine the net trust it can place in the full chain of authentications, usually by various algebras on trust metrics. Moreover, this net trust, or the utility of this trust, also depends on the kind of information that was authenticated. For example, if the information in a certificate authenticates a public key with a business name and its web address, then the user's net trust determined by such algebras is only about the public key being associated with the business name. The user must independently determine how much it trusts the business name being a bona-fide business. On the other hand, if the certificate also authenticates, along with the above information, that the business has a five star service quality, then the user is more inclined to trust the business.
A simplistic trust metric is used in PGP (Pretty Good Privacy). However, it does not address the situation where fictitious copies of entities are created just to boost the trust of a certain entity. Even in the context of PKI, various trust metrics have been proposed. Of particular importance is the work of Reiter and Stubblebine, “Toward Acceptable Metrics of Authentication”, Proc. IEEE Symp. on Security and Privacy, 1997, the contents of which are herein incorporated by reference in their entirety, who proposed a set of eight principles which a good trust metric should follow. Reiter and Stubblebine also proposed a metric which claimed to follow these principles. As one of the more important principles, they had required that the metric's output should be intuitive and relevant to the authentication decision. Following this principle, in their solution, a metric can be computed which represents the amount for which the information bound to the target public key is insured. Another important principle states that the metric should be resilient to modifications of the model by misbehaving parties. Since their metric computes a minimum insured value regardless of misbehavior of all parties (except the root), this principle is satisfied.
Although, this metric is useful to a user, and also remedies many other issues with earlier metrics, it has some drawbacks: (a) it does not tell the user what the premium for the insurance is, (b) it does not model how the insurance amounts were determined, and (c) it forces the user to deal with all entities in the network for insurance claims. Although, the drawbacks (b) and (c) may really be implementation issues, drawback (a) may be of real concern, and actually violates one of their principles, namely “the metric should take into account as much information as possible that is relevant to the authentication decision that the user is trying to make”.